Curfew e-Pass Management System 1.0 – Stored XSS

• Exploit Database
• 17 阅读

• 作者： Arnav Tripathy
  日期： 2021-01-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49391/

• # Exploit Title: Curfew e-Pass Management System 1.0 - Stored XSS 
  # Date: 2/1/2021
  # Exploit Author: Arnav Tripathy
  # Vendor Homepage: https://phpgurukul.com
  # Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/
  # Version: 1.0
  # Tested on: Windows 10/Wamp
  
  1) Log into the application
  2) Click on pass then click add a pass
  3) Put <script>alert(1)</script> in the Full name parameter , rest all fill whatever you want.
  4) Now go to manage passes, view the pass you just created.
  5) You'll get popup of alert